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Abstract. Using an adaptation of Qin Jiushao's method from the 13th cen- 
tury, it is possible to prove that a system of linear modular equations anXi + 
• • • + Oui n x n = bi mod rhi, i = 1, . . . , n has integer solutions if > 1 arc 
pairwise relatively prime and in each row, at least one matrix element aij is 
relatively prime to m;. The Chinese remainder theorem is the special case, 
where A has only one column. 

1. The statement with proof 

Consider a linear system of equations Ax = b mod to, where A is an integer n x n 
matrix and b, to are integer vectors with coefficients to, > 1. 

Theorem 1.1 (Multivariable CRT). If mi are ■pairwise relatively prime and in each 
row, at least one matrix element is relatively prime to mi, then Ax = b mod to 
has solutions for all b. There is a solution x in an n- dimensional parallelepiped 
X = Zj^/i of volume M = mi ■ ■ ■ m n , where L is a lattice in Z M . 

Proof. The map <j> : x — > Ax mod to is a group homomorphism from the Abelian 
group X = Z™ to the finite Abelian group y = Z TOl x • • • x Z TOn = y/L, where 
L = (miZ) x • • • x (to„Z) is a lattice subgroup of y. The kernel of <f> is a subgroup La 
of X and X — X/La- The image of <j> is a subgroup of JV- By the first isomorphism 
theorem in group theory, the quotient group X and the image are isomorphic. The 
kernel La is a lattice in X spanned by n vectors k\, . . . ,k n . The map <j> is injective 
on X. By the Lagrange theorem in group theory, there exist finitely many vectors 
Vi € y such that A{X) +yi = y. The problem is solvable for all b if and only 

if d(A) = 1. For every fe, there exists then a unique integer vector x in X such that 
Ax = b mod to. As in the usual CRT, we have a solution if each equation has a 
solution. To construct a solution, pick matrix elements a^^) such that the z'th row 
is relatively prime to TOj. Let ej denote the standard basis in n-dimensional space. 
Consider a line x{t) — £e}(i) in X, where t is an integer. There exists an integer t\ 
so that x(t) solves the first equation. Now take the line x(t) — t\ej^ + tmiej^)- 
There is an integer ti so that x(t) solves the second equation. This is possible 
because mi is relatively prime to to 2 . Note that x(t) still solves the first equation 
for all t. We have now a solution to two equations. Continue in the same way until 
the final solution x{t) = ti{ m i ■ ■ ■ m i)^ij(i) 1S reached. □ 
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Example: 



is solved by 
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The lattice La is spanned by 
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Remark. The original paper of January 27, 2005 (google " multivariate Chinese 
remainder" ) had been written in the context of multidimensional Diophantine ap- 
proximation and was part of a talk on April 11, 2005 in Dmitry Kleinbock's seminar 
at Brandeis. [I had at that time been interested in the Diophantine problem to find 
for 9,a,f3 small integers n, m such that 8 + an + /3m is close to an integer. In 
one dimensions this is achieved by continued fraction expansions jT5j 02] , but the 
problem is complex in two or higher dimensions. Solving it effectively would lead to 
faster integer factorization algorithms.] Referees at that time found the paper too 
elementary. While this is probably true, I feel even after 7 years and more literature 
research, that the result might well have been overlooked. Additionally, the multi- 
variable CRT can serve as an exercise in algebra or spice up an exposition about 
the traditional CRT. The story also has a historical angle when looking for the 
origin of solving systems of linear equations with integer solutions. There was some 
controversy for example whether Nicomachus has known anything about the CRT 
even so there is much evidence against it [17] . Historically, it appears now certain 
that the method to solve the multivariable CRT is due to the mathematician Qin 
in the 13th century, an algorithm which in modern language would be considered 
a special case and precursor for the Schreier-Sims algorithm pQ in computational 
group theory, an algorithm which is naturally used by everybody who solves puzzles 
whether it is the simple 15 puzzle or the more challenging Rubik cube 13J. 



The following changes were done for this update: the statement, the proof and 
an example are stated initially, some figures are gone, the text is streamlined and 
examples and remarks are separated. Remarks 10)-16) as well as more references 
like [TH [T71 El EH H31 [Ml 111 HU El HD] as well as some Mathematica code 
was added. A new literature search revealed [ IQj from which one can deduce our 
theorem, but it looks considerably less elementary. More digging in sources revealed 
that the proof is close to Qin Jiushao's "method of finding one" . This algorithm 
from the 13th century is especially remarkable because Qin did not have group 
theory nor even the notion of prime numbers at that time. 



2. Historical background 

The Chinese remainder theorem (CRT) is one of the oldest theorems in mathe- 
matics. It has been used to calculate calendars as early as the first century AD 
[51 [22]. The earliest recorded instance of work with indeterminate equations in 
China can be found in the 'Chiu-Chang Suan Shu', the "Nine Chapters on the 
mathematical art" , where a system of four equations with five unknowns appears 
[25] . This text is also an early source for Gaussian elimination [251 E] ■ The math- 
ematician Sun-Tsu (also Sun Zi), in the Chinese work 'Sunzi Suanjiing' (Sun Tzu 
Suan Ching) which translates to either "Master Sun's Mathematical Manual" or 
"Sun-Tzu's Calculation Classic" from the third century considered the problem to 
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find integral solutions to 



x 



= 2 mod 3 



x 



= 3 mod 5 



x 



= 2 mod 7 . 



This example has the solution x = 23 (see also [4]). It has been reported in [5] 
[j] to appear also in a textbook of Nicomachus of Gerasa in the first century. The 
consensus is today however, Sun Zi's text is indeed the first known occurrence of the 
CRT and that there is no Nicomachus connection. Unfortunately 'Sunzi Suanjing' 
is hard to date. The average of all estimates points towards 250AD [3] but it could 
be dated as late as the 4th century [17] . 

Mathematics earlier than that is probably void of the CRT. It is not a topic of 
'Suan Shu Shu' for example, an ancient Chinese collection of writings on bamboo 
strips 4J which is an anonymous text from about 200 BC and which does not con- 
tain linear algebra yet. Calendars were the presumably the major motivation for 
the CRT |23j : Congruences of first degree were necessary to calculate calendars in 
ancient China as early as the 2nd century BC. Subsequently, in making the Jingchu 
calendar (237, AD), the astronomers defined Shangyuan as the starting point of the 
calendar. "Master Sun's math manual" is now considered the earliest source of 
the CRT and the 'Shushu Jiuzhang' = "Mathematical Treatise in Nine Sections" 
in 1247 the earliest description of a solution algorithm. |^] According to [27], Qin 
Jiushao called his technique "method of finding one" , which achieved his goal with- 
out using concepts like prime number of prime factors. While nine problems in 
that text were exercises without applications, there was one problem dealing with 
calendar applications [18] . The Mathematics in that work is a major topic in the 
thesis [T7] of the sinologist Ulrich Libbrecht. 

The development of the CRT from the fourth to the 16'th century is fascinating and 
multi-cultural. In chapter 14 of [T7] we can read: In India there were Brahmagupta 
(ca 625) and Bhaskara (12th century), who developed the kuttaka method. In the 
Islamic world, Ibn al-Haitham treats this kind of problem and he may have influ- 
enced Leonardo Pisano (Fibonacci) in Italy. After the thirteenth century we do not 
find much further investigation in China, India or the Islamic world. But from the 
fifteenth century on there is a marked increase in European research, which reached 
its apogee in the studies of Lagrange, Euler and Gauss. Also Japanese mathemati- 
cians were involved: from [23] : The Japanese mathematician Seki Takakazua wrote 
"Kwatsuyo sampo" (Essential Algorithm) in 1683, the second chapter of which, Sho 
yukujutu su, deals with some algorithms corresponding to Qin's work.. The last ref- 
erence is of course to Qin Jiushao (=Chiu-Shao) the author of "Shushu Jiuzhang" . 

Linear congruences of more variables must have appeared only later. We do not 
count in examples like 5a; + 3y + z/3 = 100, a; + y + z = 100 which occur in 



^Dickson references Y. Mikami, Abh. Geschichte Math, 30, 1912, p. 32. The connection of 
Nicomachus with the CRT is disputed in |17| . We also could not find the example in I20| but 
other textbooks of Nicomachus are only referred to by other sources. 

2 This 13th century text should not be confused with the much older arithmetic textbook "Nine 
Chapters on the Mathematical Art" . 
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Zhanag Quijian's Mathematical manual of 475 [Mj with two equations of three 
variables. This can be considered a case for single variables because a substitution 
leads to a modular equation in one variable. Dickson [5j gives as the first reference 
Schonemann, who considered in the year 1839 equations of the form a\X\ + ■ ■ ■ + 
o-nXn = mod p, where p is a prime. It was probably Gauss [8], who first looked 
at modular systems of n linear equations of n unknowns. The case of equal moduli 
definitely dominates. The case of different moduli is less clear since it was usually 
reduced to the case of equal moduli: George Mathews noted in [TU] that a system 
of linear equations Ax — b mod to can be reduced to a system Bx = a mod to, 
where to = lcm(mi, . . . , m n ). For example, the system 

x + y = 1 mod 3 

x — y = 2 mod 5 

which has solution x = 3, y = 1 is equivalent to 

5x + 5y = 5 mod 15 

3x — 3y = 6 mod 15 . 

However, since many results and methods developed for a single moduli do not 
work - like row reduction or the inversion by Cramer's formula - there is not much 
gained with such a reduction. The Mathews reduction does also not allow to use 
the multivariable CRT generalization proven here. The reduction even does not 
help to solve the single variable CRT! Actually, the multivariable CRT we study 
here is in nature closer to the one variable CRT than to linear algebra. 

Gauss treated in his " disquisitiones arithmetica" (see [5] page 29) of 1801 systems 
of linear congruences but also with equal moduli. He considered in particular the 
system 

3x + 5y + z — 4 mod 12 
2x + 3y + 2z = 7 mod 12 
5x + y + 3z — 6 mod 12 

which has the four solutions (2, 11, 3), (5, 11, 6), (8, 11, 9), (11, 11, 0) in 7? 12 . The 
discrete parallelepiped spanned by (3, 0, 3), (12, 0, 0), (0, 12, 0) is mapped by the 
linear map A bijectively to a proper subset of Zf 2 - Indeed, the matrix A over the 
ring Z12 is not invertible because det(A) = 4 is not invertible in Z12. In Gauss 
example, there is a parallelepiped in Zf 2 which is mapped onto a proper subset of 
Z^ 2 by the transformation Ax mod 12. For the same matrix A, only one forth of 
all vectors b in Zf 2 allow that Ax = b mod 12 can be solved. In that case, there 
are four solutions. Elimination was used by Gauss also as a method to solve such 
linear systems of Diophantine equations: subtracting the last row from the sum of 
the first two gives 7y = 5 mod 12 or y = 11. We end up with the system 

3x + z = 9 mod 12 
5x + 3z — 7 mod 12 . 

Eliminating x gives 4z = mod 12 or z = mod 3 which leads to the 4 solutions 
z = 0,3,6,9. In each case, the solution x is determined. H.J.S. Smith [S] noted in 
1859 that if all moduli are the same m and det(^4) is relatively prime to m, then 
Ax — b mod m has a unique solution in the module ZJ^ over the ring Z m . Also 
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Cramer's rule (from 1750 evenso in the context of real numbers) gives the explicit 
solution Xi = det(Ag i )det(A) _1 in which the determinant det(A) is inverted in Z m 

and A? ■ is the matrix in which the z'th column had been replaced by b. Smith 
had noted first that det(A) must be prime to m. For integer matrix arithmetic in 
number theory, see |12j . 

Systems of linear modular equations definitely have been treated in the 18'th cen- 
tury, when all moduli nij are equal. The general case with different m, can be 
reduced to this case when all the moduli are all powers of prime numbers with the 
equivalence of each equation a\X\ + • • ■ + a n x n = b mod q^ 1 ■ ■ ■ qf 1 to 

a\Xi + ■ ■ ■ + a n x n = b mod q^ 1 

a\X\ + • • • + a n x n = b mod q^ 1 . 

As in the CRT, we can not do row-reduction with different moduli in general so that 
this is not a standard linear algebra problem any more. As the Mathew reduction 
has shown, the general case can also be reduced to the case when all moduli are 
equal but methods which worked before can no more be applied then. For example, 
the determinant of the new matrix is zero in Z m . 

As in linear algebra, complexity problems of solving^:? = b mod p are far from 
trivial. Beside the aim to find the structure of the solutions of a system of modular 
linear equations, there is the computational task to find solutions and a minimal 
area parallelepiped in on which A is injective as a map to Z mi x • • • x Z mii . How 
many computation steps are needed to decide whether a system has a solution and 
how many steps are required to find it? The question is addressed in [B] , where the 
problem is dealt with the method of quantifier elimination in discretely valued fields. 

Our approach here is elementary like the single variable CRT and generalizes Qin's 
approach to the usual CRT, in which solutions can be found in {0, . . . , M — 1 }, 
which can also be interpreted as a parallelepiped of length M = m\mi ■ ■ ■ m n and 
width dimensions of length 1. 

We still do not know the best way to find an optimal kernel (LLL helps a lot but is 
not always optimal) and decide effectively, when a general system Ax = b mod fh 
has a solution and when not. Our theorem only gives a sufficient condition. The 
efficiency part is especially relevant in cryptological context like in lattice attacks 
[llj . where one tries to reconstruct the keys from several messages. 

3. Examples 

We look now at a few examples of systems of n — 2 equations Ax = b mod m, where 
fh = (p, q) has the property that p, q are relatively prime. Unlike in the situation 
fh = (p, p) with prime p, where the solution can be found in the fixed algebra over 
the finite field Z p , it does now not matter in general, how singular the matrix A 
is. The decision known from linear algebra about the existence of solutions, unique 
solvabilty or non-solvabilty has still to be made: 
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Example 1) 

x + y = 1 mod 3 
x — y = 2 mod 5 . 

To a given solution like x — (3, 1), we can add solutions of the homogeneous equa- 
tion Axq = like (2,7), (3,3), (—1,4), (1, 11). This is an example, where solutions 
exist for all vectors b. The curve x(t) = (3t, t) mod p reduces the problem to the 
single variable CRT case 

At = 1 mod 3 
2t = 2 mod 5 

which always can be solved for t. 
Example 2) 

2x + 3y = 6 mod 7 
-3x - 9y = 3 mod 12 . 

This is an example, where the existence of integer solution (x, y) depends on the 
vector b. The above example has a solution. The system 

2x + 3y = 1 mod 7 
-3x - 9y = 1 mod 12 

has no solution. In the set Z 7 x Z 12 with 84 elements, we count 28 vectors b for 
which there is a solution and 56 elements, for which there is no solution. 

Example 3) 

6x - Ay = 7 mod 7 
lOx — 5y = 1 mod 5 . 

There is no solution because the second equation reads = 1 modulo 5. However, 
for a different b like 

6x — Ay — 2 mod 7 
lOx — 5y = 5 mod 5 , 

we have a solution x = (1, 1). In the set Z 7 x Z 5 with 35 elements, only 7 vectors 
b give a system with a solution. 

Example 4) The system 

x + y = 1 mod 3 
x + y = 2 mod 5 
can be reduced to a case of the CRT case: 

z = 1 mod 3 

z — 2 mod 5 

and is solved for z — 7. In the set Z3 x Z5 with 15 elements, every vector b has a 
unique solution z. The original system has now solutions like x = (1, 6) or x = (2, 5). 
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Example 5) The size of the lattice L in can vary when rh is fixed. Here is a 
case with a relatively narrow lattice spanned by the vectors (1,-3), (43, 14): 

6x — 2y = mod 11 
11a; — by = mod 13 . 
The extreme case is the CRT case, where the lattice has dimensions 143 x 1: 

6x — 3y = mod 11 
12a; - 6y = mod 13 . 

Next, we look now at examples, where the moduli rrii are not necessarily pairwise 
prime: 



Example 6) This example is a case for linear algebra. If rh = (mi . . . , m n ) — 
(p,...,p), where p is a prime number, we have a linear system of equations over the 
finite field F p . This is a problem of linear algebra, where solutions can be found by 
Gaussian elimination or by inverting the matrix. If the determinant of A is nonzero 
in the field Z p , then A -1 exists and x = A~ x y. For example, with p = 11, solving 
Ax = b mod rh: 
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is done in the same way as over the field of real numbers. The determinant is 5 
modulo p = 11 so that the matrix is invertible over F p . The inverse of A in F p is 

"861] I" 1 1 |" 1 " 

A- 1 = 7 9 10 and A~ l b = . Indeed x = 

5 



8 6 1 
7 9 10 
6 5 
system of equations. 



solves the original 



Example 7) : If only one column is nonzero, we have the Chinese reminder theorem. 
If the matrix A has only one nonzero column, we are in the CRT situation. This 
problem was considered 2000 years ago and was given its final form by Euler. For 
example, 
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is equivalent to 

2x = 5 mod 3 
3x = 8 mod 11 
x — 11 mod 7 
9x — 9 mod 13 . 

Also the original CRT problem a>iX = hi mod m, can be solved in a geometric 
language: with an integer "time" parameter t and the "velocity" v = (vi,...,v n ), 
the parameterized curve r(t) = tv mod rh is a line on the "discrete torus" 
y = Z mi x • • • x Z TOn . It covers the entire torus if the integers are pairwise 
relatively prime and a; ^ mod m; L . One can solve the task of hitting a specific 
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point b on the torus by solving the first equation V\X\ — b\ mod mi, then consider 
the curve V\{x\ -\-m\t), reducing the problem to a similar problem in one dimension 
less. Proceeding like this leads to the solution. The solution for the CRT was easy 
to find, because the group was Abelian. The strategy to retreat in larger and larger 
centralizer subgroups is also the key to navigate around in non- Abelian finite groups 
like "Rubik" type puzzles, where one first fixes a part of the cube and then tries 
to construct words in the finitely presented group which fixed that subgroup. It is 
a natural idea which puzzle-solvers without mathematical training come up with. 
By the way, also the Gaussian elimination process is an incarnation of this principle. 

Example 8) Here is a case where we have independent equations. If A is a diagonal 
matrix we have n independent equations of the form djXj = bj mod m.j. Solutions 
exist if gcd(a i ,m i ) = 1 for all i. If gcd(a, m) > 1 like a = 3,p = 6, there are no 
solutions of 3x = 2 mod 6 as can be seen by inspecting the equation modulo 3. 
Example: 
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Example 9) Here is a case, where row reduction works. If A is upper triangular or 
lower triangular matrix, the system can be solved by successively solving systems 
aiX = bi mod m,. Again, we have solutions if gcd(ai, m*) = 1 for all i. 
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Example 10) This is an example, when A is modular. If A 1 has only integer 
entries, solutions can be obtained directly with the formula x — A~ x b in Z™. This 
works if A is modular that is if A has determinant 1 or —1: 
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Example 11). For 

x + 3y + z = 1 mod 8 

Ax + y + 5z = 7 mod 8 

2x + 2y + z = 3 mod 8 , 

Gauss gives the solution x — 6,y = A, z = 7 mod 8 . Indeed, we would write today 
modulo 8, 
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On a more curious side, we could rewrite the original equations as 

x + z + 8u = 1 mod 3 
4x + y + 8v = 7 mod 5 
2x + z + 8w = 3 mod 2 

and apply the multivariable CRT to see that there is a solution. 

4. Remarks 

1) If all moduli rrii are equal to a prime m = p, the problem can be solved using 
linear algebra over the finite field F p . As noted first 150 years ago by Smith, if m is 
not prime, but the determinant of the matrix A is invertible in the ring Z m , then 
the problem can be solved for all b. 

2) If A has only one nonzero column, the problem is the CRT, one of the first topics 
which appears in any introduction to number theory. Also if there is a column Aij 
with fixed j for which gcd(Ay , m^) = 1 , then we can set X\ , . . . , Xj_i , Xj + i , . . . , x n = 
and solve for Xj with the one dimensional CRT. 

3) The lattice L is not unique in general. For example, if the lattice spanned by 
vi,...,v n , then it is also spanned by v\ +V2, V2, . . ■ , v n and the volume is the same. 

4) The multivariable CRT is sharp in the sense that the two conditions for solv- 
abilty are necessary in general, as examples have shown. As examples with equal 
moduli show other conditions for solvability exist. The Matthew trick sometimes 
allows linear algebra methods, but not in general because matrix might have deter- 
minant or even not be square. Already the single variable CRT can not be solved 
with linear algebra alone. 

5) The parallelepiped can be very long. An extreme case is the CRT situation, 
where it has length M — m,im 2 ■ ■ ■ m n and all other widths are 1. 

6) It would be useful to quantize how large the diameter of the parallelepiped is. 
If A is unimodular, the eigenvalues of A are relevant. 

7) A modern algebraic formulation of the single variable CRT is that for pairwise 
co-prime elements mi, ... , m n in a principal ideal domain R, the map x mod M — > 
(x mod mi,...,x mod m n ) is an isomorphism between the rings R/(miR) x 
Rj (m n R) and Rj (MR). Using the same language, the multivariable CRT can be re- 
stated that if R is a principal ideal domain and a ring homomorphism A : R n — > R n , 
for which the i'th row of A is not zero in R/(qiR) with factors <ft > 1 of nii, 
there is a lattice L in R n such that A is a ring isomorphism between R n /L and 
R/(m\R) x • • • x Rj (m n R). When seen in such an algebraic frame work, the result 
is quite transparent and might be "well known" in the sens that the multivariable 
CRT could well have entered as a homework in an algebra text book, but we were 
unable to locate such a place yet. Also a search through number theory text books 
could not reveal the statement of the multivariable CRT. 

8) While the problem of systems of linear modular equations Ax = b mod rh 
with different moduli m t studied here certainly is elementary, the lack of linear 
algebra and group theory two thousand years ago could explain why it had not 
been studied early. The problem has the CRT as a special case and must in general 
be understood and solved without linear algebra. Indeed, one of the proofs of the 
CRT essentially goes over to the multivariable CRT. But the constructive aspect 
of finding L and effectively inverting <f) is interesting and much more difficult than 
in the special case of the CRT. 
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9) There is unique solution to systems of modular equations if and only if there is 
a line A{tv) mod rh which covers the entire torus y — Z mi x • • ■ x Z TOn . If v is 
known, then it reduces the multivariable CRT problem to a CRT problem. 

10) It is no restriction of generality to assume the matrix A to be square. If we 
have less variables, we can add some zero column vectors and dummy variables 
which will be set to zero. If we have more variables, we can duplicate some of the 
equations. Both of these "completions" do not change anything in the theorem. 

11) Systems of modular equations have either a unique solution, no solution or 
finitely many solutions. In the third case, the number of solutions is a factor of 
M = mi m n . 

12) Any system linear modular equations can be written as a linear system Bx = y 
with one variable more. For example, 

2xi + 3x2 = 1 mod 5 
3xi + 5x2 — 1 mod 7 

can be written as 

2xi + 3x 2 + 5x 3 = 1 
3xi + 5x2 + 7x3 = 1 • 

13) An important case is when we have only one equation Ax = y like 

3a; + 5y + 7z = 11 . 

Then the system is solvable if and only if gcd(An, . . . , A ln ) divides y. This is a 
central result in linear Diophantine equations (see e.g. [55] Theorem 2.1.2). Note 
that our theorem covers only the 'if part here: if we rewrite the system as a modular 
equation like 

3x + 5y = 11 mod 7 

and one of the coefficients has no common divisor with 7, then gcd(An, . . . , Ai n ) — 
1. 

14) Not every linear Diophantine system Bx — y can be rewritten as a modular sys- 
tem. The book [26] mentions a problem from the 18th international math olympiad: 
Show that Ax = be a linear system of equations with Aij G { — 1,0, 1}, 1 < i < 
p, 1 < j < 2p has a nonzero integer solution vector x with \xj\ < q. 

15) If we write down a random system of linear modular equations Ax = b mod m 
like taking random integers {0, 1, . . . , n} in each entry of the matrix, vector b and 
rh. What is the chance to have a solution? It is well known that the probability 
of two numbers to be coprime is asymptotically 1/C(2) = 6/tt 2 ~ 0.61.... Thus 
the condition that pt is not coprime to any of the row entries Ay has probabil- 
ity (1 — 1/C(2))™ and the condition to have this in one row is bound above by 
n(l — 1/C(2)) n which goes to zero. The only relevant condition asymptotically is 
therefore the second condition that all the rrij are pairwise prime. The probability 
of the vector rh to be coprime is l/Q{n) which goes to 1 exponentially fast, but the 
probability to be pairwise coprime goes to zero. Thus we can only say that condi- 
tioned to the pairwise coprimality assumption of the rtii, a random linear modular 
system asymptotically has a solution almost surely. 

16) A different generalization of the CRM theorem where the concept of congru- 
ence is generalized can be found in [7 . In (TU], the CRT has been generalized 
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Figure 1. The map is a bijection between the two finite sets 
X = Z n /L and y — Z mi x • • • x Z mra . The picture visualizes the 
linear system Ax + lly = 2 mod 5, 11a; + 13y = 1 mod 19 which 
has the solution (x,y) = (8,5). The vectors (11,-2), (—2,9) span 
the lattice of the kernel. 



using a more general group context. The authors apply the theory to systems 
Ax = b mod rh in section 2 (page 1205 of the paper). 

5. More about the proof 

Row operations as used in Gaussian elimination are not in general permitted to 
solve the problem Ax = b mod rh because each row is an equation in a different 
ring of integers. But the geometric solution of the CRT can be generalized to solve 
the general case as well as to locate small solution vectors. 

Let us prove the multivariable CRT in more detail as in the introduction. As- 
sume gcd(mi,irij) = 1 for all i ^ j and that for all i = l,...,n, there exists j 
such that gcd(ajj, nii) — 1. We show that there is a solution x to the linear system 
Ax = b mod m for all b. We also have to prove that the solution x is unique in a par- 
allelepiped spanned by n vectors. This parallelepiped contains M = ■m\m,2 ■ ■ ■ m n 
lattice points. 

I. Existence. 

We have seen that <j> : x — > Ax mod rh is a group homomorphism from X = Z n 
to the finite group y = Z mi x ■ ■ • x Z mn = y/L. We can think of y as a discrete 
torus with M = mi ■ m 2 ■ ■ ■ ■ m n lattice points. We can think of the order M of the 
group as the "volume" of the torus y. ker(</>) is a lattice La satisfying X = X/La 
and im(0) is a subgroup of y. The quotient group X and the image are isomor- 
phic. The kernel La is a lattice in X spanned by n vectors k%, . . . ,k n . We think 
of the quotient X = X/La as a "discrete torus" with "volume" \X\. Because (f> 
is injective on X, there exist vectors y*i^y such that |jf=i A(X) + yi = y and 
d(A)vo\(X) = vol(y). If d(A) = 1 the problem is solvable: for b, there exists a 
unique integer vector x in X such that Ax = b mod rh. 
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II. Construction of a solution In order to construct a solution of Ax = b mod rh, 

we have to find both the lattice La and a particular solution x of the equation 
Ax = b mod rh, then reduce x modulo the lattice to make it small. 

i) Finding a particular solution 

To find the particular solution, we pick Pivot elements dijtk) m the matrix A: 
these are entries in the i'th row which are relatively prime to m^. Let e*j denote the 
standard basis in n-dimensional space. Consider a curve x(t) = tej^ in X, where t 
is an integer. Using the assumption on the rows, we see that there exists an integer 
t\ so that x(t) solves the first equation. Now take the curve x(t) = tiej^+tmiej^)- 
There is an integer ti so that x(t) solves the second equation. We use here the fact 
that uii is relatively prime to m^. Note that x(t) solves the first equation for all t. 
Continue now until the final solution x(t) — ^2 ti(m\ ■ ■ ■ m^eij^ is found. 
Remark: Because X and y are isomorphic groups, there is a one-dimensional "dis- 
crete line" r(t) = tv such that r(t)/LA covers y. We could find a special solution 
by searching on that line, which is a problem of the CRT. We have the problem to 
find a vector v such that Ar{t) = A(tv) = tw covers the entire set y. 

Lets look at the example 

4x + I7y = 2 mod 5 
lLr + 13y = I mod 19 . 

Because all moduli are prime, any nonzero matrix element is a Pivot element in 

this example. We can pick = l,j(2) = 2. Take the line x(t) = te\ = * 

and look for t\ such that the first equation is solved. This means 4x = 2 mod 5 
which gives x = 3. 



Now consider the line x(t) = 3e*i + 5ie*2 



3 
5i 



For every t, the first equation is 



solved. The second equation gives 33 + 65t = I mod 19. which is solved by t = 15. 
3 

solves the system. 



So, f(l) 



75 



We could have solved the system also by taking the parametrized line r(t) = 
(x(t),y(t) = (t,t) which is mapped by A to the line (Ar(t)) = (lli,25t) = (t,5t) 
on the discrete torus. It leads to the CRT problem 

t = 2 mod 5 
5t = 1 mod 19 

which is solved for t = 42 so that we get the particular solution (x, y) = r(42) = 
(42,210). 



ii) Finding the kernel. 

On every line r(t) = (0, t, ...0), there is a point x which solves Ax = mod rh. By 
the pigeon hole principle, the set {Ax mod rh \ t e [0, M]} must hit some point in 
the image twice. But then A(x — y) — mod fa. If we take n + 1 equations Ax^ = 
y( l ) mod rh, then the collection of vectors j/W is linearly dependent. Therefore, there 
exist rational numbers q such that Cjy^ = mod rh so that ^ CjX^ = 
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is in the kernel. After multiplying with a common multiple of the denominators 
of the rational numbers c,-, we can assume Cj to be integers. We first look for n 
linearly independent vectors ki solving Aki = mod to. Define if to be a matrix 
which contains the vectors fc, as row vectors. Use the LLL algorithm ([2] section 
2.6) to reduce the lattice to a small lattice. It turns out that this is often not good 
enough. The lattice has a size which is a multiple of p. In order to find the lattice 
La of the kernel, we need 

det(K) — M = TO1TO2 ■ • • to„ . 

Let k = det(A)/p and let k = qi-..qi be the prime factorization of k. We can 
now look whether y^'/cij are integer vectors in the kernel for each i = 1, ,.,,n 
and j = 1, . . . , I and if yes replace the basis vectors. Successive reduction of the 
lattice can lead us to the kernel for which det(K) = p. If not, we start all over and 
construct a new lattice. 

6. Outlook 

Complexity. 

For a linear system of equations Ax — b mod to, the problem is to find a maximal 
lattice La in Z™ , which is the kernel of the group homomorphism x > Ax from Z" 
to the module y = "L m i_ x • • • x Z mn so that its fundamental region X is mapped 
bijectively onto AX C y . Next, we have to decide whether b is in AX and if affir- 
mative, construct x £ X which satisfies Ax — b mod to. How fast can this be done? 
To find the kernel of the group homomorphism T(x) = Ax mod to, we produce a 
large set of solutions of T(x) = and then reduce this to a small lattice using the 
LLL algorithm. If H is the matrix which contains the reduced kernel vectors as 
columns then AH = mod to. In general, det(H) ^ M, but we know that there 
exists a kernel for which det(iJ) = M . How do we find such a matrix H directly? 
To decide whether Ax = b mod m has a solution or not is addressed in [6]. The 
multivariable CRT gives a criterion for the existence of solutions. One can often 
detect, whether one of the equations has no solution. This happens for example, 
if an, ... , CLi n , TOi have a common denominator which is not shared by the denomi- 
nators of hi. If all TOj are equal to some number to with distinct prime factors can 
make a fast decision: by the CRT, a solution exists if and only if a solution exists 
modulo each prime factor of to and the later decisions can be done by computing 
determinants in finite fields. 

Iteration of modular linear maps. 

The map T(x) — Ax mod to defines a dynamical system on the finite group Z mi x 
... x Z. m?i . Since the discrete torus y does not match with the torus X, orbits on 
this finite set behave in general rather irregularly. The system can be extended 
to the real torus R/(m,iL) x R/(m n Z), where it is in general a hyperbolic map. 
The orbits behave differently, if A is very singular, for example if A has only one 
column. The map 



T 



X 




' 31x- 


f 34y " 


mod 


7 


. y _ 




3x4 


-3% _ 


17 



for example has 6 different orbits on y with a maximal orbit length of 49. It seems 
difficult to find ergodic examples with different moduli where ergodic means that 
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Systems of modular polynomial equations 

The algorithm to solve systems of linear modular equations extends also to solve 
systems of nonlinear polynomial equations P(x) — b mod m with 



too, but in general, we do not have criteria which assure that such a system has 
solution. We need to solve the individual equations An example is Chevally's the- 
orem (i.e. [9]) which tells that P is a polynomial of degree smaller than n and zero 
constant term, then P(xi, x n ) = p can be solved as long as p is prime. Lets look 
at the general problem. Start solving the first equation. Using x = (ant, ...,a\ n t) 
we have to solve a problem for a single variable qi(t) = mod mi, where qi 
is a polynomial. With a solution t%, try to solve the second equation for t using 
x = (rnia2it, .., m n a,2 n t) + (anti, ai n t\). which solves the first equation etc. 
For example, consider the system of nonlinear modular equations 



Start with the "Ansatz" (x, y, z) = (t, t, t). The first equation is t 2 (2 + t) = 1 mod 5 
which has the solution t = 2. Now put (x,y,z) = (2, 2, 2)+i-5(l, 1, 1). which solves 
the first equation and plug it into the second equation. This is (2 + 5t) 2 (2+3t+t 2 ) = 
1 mod7 and solved for t = 0. The point (2, 2, 2) + i(5, 5, 5) = (2, 2, 2) solves also 
the second equation. Now plug-in (2, 2, 2) + 5 • 7(0, 2t, t), which solves the first two 
equations for all t, into the third equation which requires to solve 6 + 5(2 + 35t) — 
2(2 + 70i) 3 = 7 mod 11 which is equivalent to 4 + 4i + 2t 2 + 5t 3 + 3£ 4 = 7 mod 11 and 
solved for t = 1. So, the final solution found is (2, 2, 2) + 5 • 7(0, 2, 1) = (2, 72, 37). 
This method does not necessarily find small solutions like (2,6,4). 

Nonlinear systems of modular equations with different moduli but with one variable 
can be treated with the CRT. Ore [21] illustrates it with the example 

x 3 - 2x + 3 = mod 7 

2a; 2 = 3 mod 15 . 



P k (xi,...,x n ) = b k mod m k 



x 2 + y 3 + z 2 
x 3 + 2y 4 - z 2 
ix - 2y 3 + 5z 4 



7 mod 11 . 



1 mod 5 



1 mod 7 



Because the first equation has solutions x = 2 mod 7 and the second has solutions 
x = ±3 mod 15, we are in the case of the CRT. In general, systems of polynomial 
equations in one variable often lead to CRT problems. 
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7. MATHEMATICA CODE 

Here is some example code if a reader wants to experiment. The first few lines find 
and plot the lattice of solutions Ax = mod p by brute force and then do LLL 
reduction. 



a = 13; b = 19; c = 11; d = 15; q = 29; p = 31; 

s = {}; Do[If [Mod[a*x+b*y ,p]==0 && Mod[ c *x+d*y , q] ==0 , 

s=Append[s, {x , y}]], {x, -100, 100}, {y, -100, 100}]; 

L=LatticeReduce [ s ] ; M={{0 ,0} ,L [ [ 1 ] ] + L [ [ 2 ] ] } ; 

Graphics [{{Blue , PointSize [0.01] ,Map[Point , s]} , 
{Yellow, Polygon [{M[[l]] ,L[[1]] ,M[[2]] ,L[[2]]}]} , 
{Red, PointSize [0.0 2] ,Map[ Point , Join [L ,M] ]}} ] 



The following routines find solutions according to the proof of the multivariable 
CRT: 



Pivot [A_,P_]:=Module[{n=Length[A] ,p} ,p=Table[0 ,{n}] ; 

Do[Do[If[GCD[A[[i ,j]] ,P[[i]]]= = l,p[[i]] = j] ,{j ,n}],{i ,n}];p] 
GCDv[p_]:=Max[Table[GCD[p [[ i ]] ,p[[j]]] , 

{i ,Length[p]} ,{j , i +1 , Length [ p ] }]] ; 
HasSol [A_,P_]:=Module[{p=PivotEntries [A, P]} , 

Product [p [ [ i ]] ,{ i , Length [p]}] >0 kk GCDv[P] = = l]; 
CheckSol [ A_ , B_ , X_ , P_] : = 

Table[Mod[(A.X)[[i]]-B[[i]] ,P[[i]]] ,{ i , Length [A] }] ; 
LinearModSol [ A_ , B , P_] : =Module [ { n=Length [A] ,p,X,q,sum,j , pi}, 

p=Pivot [A,P] ; X=Table[0 ,{n}] : q = l; 

Do[j=p[[i]]; pi=P[[i]]; bi=B[[i]]; aij=A [ [ i , j ] ] ; 
sum=Sum[A [ [ i , k ] ] *X [ [ k ] ] , { k , n } ] ; 

t^Mod[PowerMod[q* aij , — 1 , pi ] * ( bi— sum) , pi ] ; 

X[[j]]=X[[j]] + t*q; q=q*pi,{i ,n}]; X]; 

A={{4, 3, 3, 3}, {1,-1, 5, 5}, {1,5, 3, 7}, {1,5, 2, 2}}; 

B = {1,2,3,4}; P= {3,5,7,11}; X=LincarModSol [A,B,P] 

CheckSol [A,B,X,P] 



Finally, here is the verification of the example in the introduction 



A={{101 ,107} ,{51 ,22}}; b = {3,7}; m={117,71}; 

x = {25,65}; L = {{73 ,47} ,{ -82 ,61}}; 

{Mod[A.x-b,m] ,Mod[A.L[[l]] ,m] ,Mod[A. L [ [ 2 ] ] ,m]} 
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